<?php
session_start();
include "library.php";

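// Access checks for this page.
// header("Location: ...") only queues a response header; PHP keeps running the
// script afterwards. Each redirect is therefore followed by exit, otherwise a
// request that fails a check would still execute the queries further down and
// receive their output in the body of the redirect response.

//If user has not logged in, redirect to login page

if(!isset($_SESSION["username"])){
  header("Location:login.php");
  exit;
}

//If user presses logout button, close session, redirect

if(isset($_POST["logout"])){	
  session_unset();
  session_destroy();
  header("Location:home.php");
  exit;
}

//If admin, redirect to the members page

// isset() avoids an undefined-index notice when the session carries no position;
// such a session is treated as non-admin, as the loose comparison did before.
if(isset($_SESSION["position"]) && $_SESSION["position"] == 1){ //Admin not allowed to use this function
  header("Location:members.php");
  exit;
}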

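//Print header
// NOTE(review): the meaning of the second argument (8) is defined by print_header() in library.php, not visible here.
print_header($_SESSION["position"], 8);

// NOTE(review): the connection parameters are hard-coded in a page script and the
// last argument is an empty string. If that slot is the password (parameter order
// is defined in library.php -- confirm), the database account has no password.
// Connection settings belong in configuration kept outside the web root.
// NOTE(review): the mysql_* extension used throughout this page was removed in
// PHP 7.0; a move to mysqli or PDO with prepared statements has to be made
// together with connectSQLServer()/dbquery() in library.php.
$pwdb = connectSQLServer("wendlc_teamsci","sdd","");

// Stop if the database cannot be selected: every query below would fail and
// mysql_fetch_object() would be handed false instead of a result set. The
// driver error goes to the server log only, not to the browser.
if(!mysql_select_db("wendlc_TeamSci")){
  error_log("mysql_select_db failed: ".mysql_error());
  echo "The file list is temporarily unavailable.<BR><BR>";
  print_footer();
  exit;
}

//First thing, populate page with all files that the user has uploaded give option of Public, Private, or Both

echo "Please pick one of the following views for your files.<BR><BR>";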
?>
<form method = 'post'>		
<SELECT NAME = 'choices' SIZE = 3>			
<OPTION VALUE = "Public">Public</OPTION>
<OPTION VALUE = "Private">Private</OPTION>
<OPTION VALUE = "Both">Both</OPTION>
</SELECT><BR><BR>
(Leave blank to see all entries)<BR><BR>
Keywords: <input type = "text" name = "searchFor" value = "" MAXLENGTH = 300/><br /><BR/>
<input type = 'submit' name = 'add1' value = 'Enter' /><br />
</form>
<?php

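//If a choice has been made and user presses submit, list the caller's files.
//
// Input:  $_POST["choices"] (Public / Private / Both), $_POST["searchFor"] (optional keyword)
// Output: an HTML table of the caller's files, plus $_SESSION["array"] holding the
//         FileIDs of the private files shown, which the "Suggest Files" handler reads.
// Values read from the Files table (Name, Tag, FileID) are encoded for the context
// they are written into; they were previously echoed into the page unescaped.

if(isset($_POST["choices"]) && isset($_POST["add1"])){

  //Map the submitted view onto the Public_Private filter: 1 = public, 0 = private, 2 = both.
  //The value is request data, so anything other than the three offered options is
  //treated as "Both" instead of leaving $perm undefined.

  if($_POST["choices"] === "Public"){
    $perm = 1;
  } else if($_POST["choices"] === "Private"){
    $perm = 0;
  } else {
    $perm = 2;
  }

  //The keyword field may be missing or submitted as an array; use an empty term then.
  $searchFor = (isset($_POST["searchFor"]) && is_string($_POST["searchFor"])) ? $_POST["searchFor"] : "";

  // NOTE(review): the term is HTML-encoded before matching, as in the original.
  // That only finds names containing & < > " if Name is stored HTML-encoded --
  // confirm against the upload page. % and _ typed by the user act as LIKE wildcards.
  $likeTerm = "%".stripslashes(htmlspecialchars($searchFor))."%";

  //Get UserNum so user files can be pulled from Files Table
  // Every placeholder below sits inside single quotes, which is the context
  // mysql_real_escape_string() escapes for. NOTE(review): that escaping depends on
  // the connection character set; whether connectSQLServer() sets it is not visible here.

  $queryUser = sprintf("Select UserNum FROM Users WHERE UserID = '%s'",
	mysql_real_escape_string($_SESSION["username"], $pwdb));
  $resultUser = dbquery($queryUser);
  $UserOb = $resultUser ? mysql_fetch_object($resultUser) : false;

  //Query all files that the user has. Skipped when the user row was not found,
  //so that ->UserNum is never read from a non-object.

  $resultFiles = false;
  if($UserOb){
    if($perm == 0 || $perm == 1){
      $queryFiles = sprintf("SELECT * FROM Files Where User = '%s' AND Public_Private = '%s' AND Name LIKE '%s' ORDER BY Time DESC",
	mysql_real_escape_string($UserOb->UserNum, $pwdb),
	mysql_real_escape_string($perm, $pwdb),
	mysql_real_escape_string($likeTerm, $pwdb));
    } else{
      $queryFiles = sprintf("SELECT * FROM Files Where User = '%s' AND Name LIKE '%s' ORDER BY Time DESC",
	mysql_real_escape_string($UserOb->UserNum, $pwdb),
	mysql_real_escape_string($likeTerm, $pwdb));
    }
    $resultFiles = dbquery($queryFiles);
  }

  //Display files in table form with two radio buttons

  $count = 0;
  $radios = array(); //Stays an empty array when no private file is listed
  echo "<table id = \"filetable\"><form method = 'post'><tr><th>File</th><th>Tags</th><th>Upload Date</th><th>Public or Private</th><th>Link</th><th>Suggest</th></tr>";

  //While there are files to display, display

  while($resultFiles && ($FilesOb = mysql_fetch_object($resultFiles))){

    // HTML-encode the text cells. The fourth argument (double_encode = false)
    // leaves entities already present in the stored value alone, in case names
    // are stored HTML-encoded. NOTE(review): assumes the page is served as UTF-8 -- confirm.
    $nameCell = htmlspecialchars($FilesOb->Name, ENT_QUOTES, "UTF-8", false);
    $tagCell = htmlspecialchars($FilesOb->Tag, ENT_QUOTES, "UTF-8", false);

    // URL-encode the name for the query string so that & + # or quotes in it
    // cannot break out of the parameter or the href attribute.
    $detailLink = "/TEAMSCI/DetailView.php/?file_name=".urlencode($FilesOb->Name);

    //Need to display two different views based on if the files is public or private

    if($FilesOb->Public_Private == 0){
      $radios[$count] = $FilesOb->FileID; //Used for processing user input after submission
      $count++;
      $visibility = "Private";

      //Display different messages depending on pending status of a file

      if($FilesOb->ApproveFlag == 0){
        $fieldName = htmlspecialchars("PermDec".$FilesOb->FileID, ENT_QUOTES, "UTF-8", false);
        $suggestCell = "<INPUT TYPE = \"radio\" NAME = \"".$fieldName."\" VALUE = \"1\">Suggest<INPUT TYPE = \"radio\" NAME = \"".$fieldName."\" CHECKED VALUE = \"2\">Wait";
      }else{
        $suggestCell = "Pending Review";
      }
    } else {
      $visibility = "Public";
      $suggestCell = "N/A";
    }

    echo "<tr><td width = 150>".$nameCell."</td><td width = 150 height = 50>".$tagCell."</td><td width = 150>".date("F j Y",$FilesOb->Time)."</td><td width = 100>".$visibility."</td><td width = 100><a href=\"".$detailLink."\">Link</a></td><td width = 150>".$suggestCell."</td></tr>";
  }
  echo "</table><BR>";
  echo "<input type = 'submit' name = 'add2' value = 'Suggest Files' /><br />";
  echo "</form>";
  $_SESSION["array"] = $radios;
}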

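//Now that the user has made their choices, if they press Suggest Files, process input
//We will denote a request by signaling a flag in the database associated with the file
//
// The FileIDs to update are read from $_SESSION["array"], which the listing step
// fills with the caller's own private files. Only the per-file radio value comes
// from the request, so a client cannot name a FileID that was not listed for it.
// Keep it that way: do not take the FileID from $_POST.
// NOTE(review): no anti-CSRF token is checked before this state change; confirm
// whether library.php provides one.

if(isset($_POST["add2"])){
  //The session entry is missing when this form is posted without a prior listing.
  $radios = (isset($_SESSION["array"]) && is_array($_SESSION["array"])) ? $_SESSION["array"] : array();

  //Walk exactly the stored IDs. The previous "<= sizeof()" loop ran one step past
  //the end of the array and read an undefined element.

  foreach($radios as $fileId){
    $fieldName = "PermDec".$fileId;

    //File has been Suggested, do nothing on else. Files already pending have no
    //radio in the form, so their field is simply absent from the request.

    if(isset($_POST[$fieldName]) && $_POST[$fieldName] === "1"){
      $queryUpdate = sprintf("Update Files SET ApproveFlag = '%s' WHERE FileID ='%s'",
	 mysql_real_escape_string("1",$pwdb),
	 mysql_real_escape_string($fileId,$pwdb));
      dbquery($queryUpdate);
    }
  }
}
print_footer();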
?>